Yesterday, David Kramer gleaned this insight:

> A system change monitoring tool I am using flagged these files as having
> been changed to setuid. Now this tool often reports false positives, so
> I am not assured of this, but I could not find any docs on these files,
> either.
>
> -r-sr-xr-x 1 root root 15752 Jul 21 2000 pwdb_chkpwd
> -r-sr-xr-x 1 root root 16376 Jul 21 2000 unix_chkpwd
>
> I checked another (older) machine, which had pwdb_chkpwd with the same
> permissions, but unix_chkpwd
> was not there. There were no man pages, but a find/grep on /usr/doc
> showed that pwdb_chkpwd was part of PAM. unix_chkpwd was not found
> anywhere.
>
> Any thoughts?

[ddm at sol ddm]$ find /sbin /usr -name "*chkpwd"
/sbin/pwdb_chkpwd
/sbin/unix_chkpwd
[ddm at sol ddm]$ ls -l /sbin/*chkpwd
-r-sr-xr-x 1 root root 15752 Jul 21 2000 /sbin/pwdb_chkpwd*
-r-sr-xr-x 1 root root 16376 Jul 21 2000 /sbin/unix_chkpwd*
[ddm at sol ddm]$ rpm -qf /sbin/unix_chkpwd
pam-0.72-20
[ddm at sol ddm]$ rpm -qf /sbin/pwdb_chkpwd
pam-0.72-20

Looks like mine is set up the same as yours, and they're both a part of
PAM, so it's no major surprise they're SUID. This is RH6.2, BTW.

You can use RPM (if your system uses RPM) to check whether or not they've
been modified, a la:

    rpm -V pam

which on my system comes back with no mention of these files, indicating
that they haven't been changed (or possibly that my RPM database or the rpm
command itself have been tampered with, but that's extremely unlikely on
this system, and I'd most likely have noticed it if it were).

--
You know that everytime I try to go where I really want to be,
It's already where I am, cuz I'm already there...
------------------
Derek D. Martin
Unix/Linux Geek
ddm at pizzashack.org
------------------

-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
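
Added example, not part of the original post: a small shell filter that triages `rpm -V` output for the attribute changes that matter on a setuid helper (content digest, mode, owner, group, or a missing file) and ignores timestamp-only noise. The function names and the sample verify lines are constructed for illustration; only the flag letters are rpm's own.

```shell
#!/bin/sh
# Triage `rpm -V` output read from stdin.
# Attribute flags checked in the first column:
#   5 = file digest differs      M = mode differs (includes the setuid bit)
#   U = owner differs            G = group differs
# A line starting with "missing" means the packaged file is gone.
# Assumes paths contain no whitespace (true for the files in the post).
triage_rpm_verify() {
    awk '
    $1 == "missing" { print $NF ": missing"; next }
    {
        flags = $1; path = $NF; why = ""
        if (index(flags, "5")) why = why " content"
        if (index(flags, "M")) why = why " mode"
        if (index(flags, "U")) why = why " owner"
        if (index(flags, "G")) why = why " group"
        if (why == "") next              # e.g. mtime-only change: not reported
        # rpm marks config files with a "c" between flags and path;
        # edits there are usually expected, so label them.
        if (NF == 3 && $2 == "c") why = why " (config file)"
        print path ":" why
    }'
}

# Constructed sample of verify output (not captured from a real system).
sample_verify_output() {
    cat <<'EOF'
.M.......    /sbin/unix_chkpwd
S.5....T.  c /etc/pam.d/login
.......T.    /sbin/pwdb_chkpwd
missing      /usr/doc/EXAMPLE
EOF
}

# Offline demonstration on the constructed sample.
sample_verify_output | triage_rpm_verify

# Live use on an RPM-based system, with the package named in the post:
#   rpm -V pam | triage_rpm_verify
```

Empty output from the filter means rpm reported no digest, mode, ownership or presence differences; as the post notes, that result is only as trustworthy as the RPM database and the rpm binary themselves.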